Mobile and Cloud Technology. Client will not store Credit Bureau Data on mobile devices. Any exceptions will be obtained from the specifically affected Credit Bureau. Mobile applications development must follow industry known secure software development standard practices such as OWASP and OWASP Mobile Security Project adhering to common controls and addressing top risks.
a. Mobile applications development processes must follow secure software assessment methodology which includes appropriate application security testing (for example: static, dynamic analysis, penetration testing) and ensuring vulnerabilities are remediated.
b. Mobility solution server/system should be hardened in accordance with industry and vendor best practices such as Center for Internet Security (CIS) benchmarks, NIS, NSA, DISA and/or other.
c. Mobile applications and data shall be hosted on devices through a secure container separate from any personal applications and data. See details below. Under no circumstances is Credit Bureau Data to be exchanged between secured and nonsecured applications on the mobile device.
d. In case of non-consumer access, that is, commercial/business-to-business (B2B) users accessing Credit Bureau Data via mobile applications (internally developed or using a third-party application), ensure that multi-factor authentication and/or adaptive/risk-based authentication mechanisms are utilized to authenticate users to application.
e. When using cloud providers to access, transmit, store, or process Credit Bureau Data ensure that:
1. Appropriate due diligence is conducted to maintain compliance with applicable laws and regulations and contractual obligations
2. Cloud providers must have gone through independent audits and are compliant with one or more of the following standards, or a current equivalent as approved/recognized by the Credit Bureaus:
(i) ISO 27001 (ii) PCI DSS (iii) EI3PA (iv) SSAE16 – SOC2 or SOC 3 (v) FISMA
Appears in 2 contracts
Samples: Master Services Agreement, Master Services Agreement
Mobile and Cloud Technology. Client NCC will not store Credit Bureau Data on mobile devices. Any exceptions will be obtained from the specifically affected Credit Bureau. Mobile applications development must follow industry known secure software development standard practices such as OWASP and OWASP Mobile Security Project adhering to common controls and addressing top risks.
a. Mobile applications development processes must follow secure software assessment methodology which includes appropriate application security testing (for example: static, dynamic analysis, penetration testing) and ensuring vulnerabilities are remediated.
b. Mobility solution server/system should be hardened in accordance with industry and vendor best practices such as Center for Internet Security (CIS) benchmarks, NIS, NSA, DISA and/or other.
c. Mobile applications and data shall be hosted on devices through a secure container separate from any personal applications and data. See details below. Under no circumstances is Credit Bureau Data to be exchanged between secured and nonsecured applications on the mobile device.
d. In case of non-consumer access, that is, commercial/business-to-business (B2B) users accessing Credit Bureau Data via mobile applications (internally developed or using a third-party application), ensure that multi-factor authentication and/or adaptive/risk-based authentication mechanisms are utilized to authenticate users to application.
e. When using cloud providers to access, transmit, store, or process Credit Bureau Data ensure that:
1. Appropriate due diligence is conducted to maintain compliance with applicable laws and regulations and contractual obligations
2. Cloud providers must have gone through independent audits and are compliant with one or more of the following standards, or a current equivalent as approved/recognized by the Credit Bureaus:
(i) ISO 27001 (ii) PCI DSS (iii) EI3PA (iv) SSAE16 – SOC2 or SOC 3 (v) FISMA
Appears in 1 contract
Samples: Master Services Agreement
Mobile and Cloud Technology. Client will not store Credit Bureau Data on mobile devices. Any exceptions will be obtained from the specifically affected Credit Bureau. Mobile applications development must follow industry known secure software development standard practices such as OWASP and OWASP Mobile Security Project adhering to common controls and addressing top risks.
a. Mobile applications development processes must follow secure software assessment methodology which includes appropriate application security testing (for example: static, dynamic analysis, penetration testing) and ensuring vulnerabilities are remediated.
b. Mobility solution server/system should be hardened in accordance with industry and vendor best practices such as Center for Internet Security (CIS) benchmarks, NIS, NSA, DISA and/or other.
c. Mobile applications and data shall be hosted on devices through a secure container separate from any personal applications and data. See details below. Under no circumstances is Credit Bureau Data to be exchanged between secured and nonsecured applications on the mobile device.
d. In case of non-consumer access, that is, commercial/business-to-business (B2B) users accessing Credit Bureau Data via mobile applications (internally developed or using a third-party application), ensure that multi-factor authentication and/or adaptive/risk-based authentication mechanisms are utilized to authenticate users to application.
e. When using cloud providers to access, transmit, store, or process Credit Bureau Data ensure that:
1. Appropriate due diligence is conducted to maintain compliance with applicable laws and regulations and contractual obligations
2. Cloud providers must have gone through independent audits and are compliant with one or more of the following standards, or a current equivalent as approved/recognized by the Credit Bureaus:
(i) ISO 27001 (ii) PCI DSS (iii) EI3PA (iv) SSAE16 – SOC2 or SOC 3 (v) FISMA
Appears in 1 contract
Samples: Master Services Agreement